46 episodes

Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us!

Security Unlocked Microsoft

    • Technology
    • 5.0 • 24 Ratings

Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us!

    The ‘Three E’s’ of Scam Disruption

    The ‘Three E’s’ of Scam Disruption

    Juan Hardoy leads an international team of investigators, analysts, and lawyers inside the Digital Crimes Unit who share a joint mission to protect customers and promote trust in Microsoft technologies. Hearing that might take your imagination to a place where Juan is deputized to fight crime in digital space, and you wouldn't be completely wrong. Still, unfortunately, he's not sitting at his desk with a sheriff's badge and a cowboy hat. It's not as simple as the days in the west, where you can challenge someone to a duel because of a simple "Pop Up" and claim victory with a glass of whiskey, moving on to the next town with problems. Because in every organization, there's at least one person that will click on anything. These issues will continue to grow and evolve in a world where international and national law enforcement are needed, along with a team of investigators creating what some would call the "secret sauce" for tackling cybercrime.  
     
    In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Juan Hardoy, an assistant general counsel with the DCU, to discuss his partnership with governments, elected officials, and policymakers. Juan explains the proactive action against cybercriminals trying to hurt our customers, why people aren't going to use our technology or the internet if they don't trust it, and how they bring them to justice in the form of criminal referrals with civil actions.  
     
    In this episode you will learn: 

    How Juan earned the role of assistant general counsel 

    What new services and technology criminals are using  

    Why education is the best defense against cybercrime and tech scams 

     
    Some questions we ask: 

    Are there any tactics that Microsoft tried in the past that didn't successfully stop the tech support scammers? 

    What is the mission of the digital crimes unit and how do they partner with government and elected officials?  

    Why do tech support scammers seem to target consumers and individuals instead of enterprises and organizations? 


    Resources: 
     
    Visit Nic on LinkedIn 
    Visit  Natalia on LinkedIn 
    Visit Juan Hardoy on LinkedIn 
    Visit Microsoft Security Blog 
     
     Related:   
    Listen to: Security Unlocked: CISO Series with Bret Arsenault 
    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. 

    • 36 min
    Entering the Virtual Battlefield

    Entering the Virtual Battlefield

    Have you ever thought about a career in threat intelligence or cyber security? Possibly finishing school with a degree in computer programming and feel overwhelmed with what to do next? Don't worry; we've all experienced this. Maybe not specifically with computer programming, but the figuring it out aspect. You could be ending active military service and working in cyber operations, helping offensive and defensive cyberspace operations, wondering about the next step. The thought of making the transition from military to private industry can be exciting but also nerve-racking. The good news is that there are many different roads to travel, and with the experience and education you've obtained, you'll most likely have more options than you could have ever imagined.
    In this episode of Security Unlocked, host Natalia Godyla is joined by Senior Threat Intelligence Analyst Justin Underwood, an army veteran with the personality and charm to calm your nerves. Currently working for a group known as OPTIC, the Operational Threat Intelligence Center at Microsoft, Justin and Natalia discuss his time at Bank of America and Xbox. He explains how it gave him a better understanding of cybersecurity, how he obtained the title of Human Intelligence Collector, and what helped him transition from the army into the world of threat intelligence and cyber security. 
     
    In This Episode You Will Learn:   

    How to find your place in the world of cybersecurity 

    The challenges faced when making the transition from military to private industry

    What the role of a Human Intelligence Collector is


    Some Questions We Ask:   

    How does military experience help you succeed in the private industry?   

    What military tools are used and overlap in the private sector?  

    What are some big projects currently being worked on?  

     
    Resources:  
    View Justin Underwood on LinkedIn
    View Nic on LinkedIn 
    View Natalia on LinkedIn 
    Visit Microsoft Security Blog 
    Related:  
    Listen to: Security Unlocked: CISO Series with Bret Arsenault

    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

    • 35 min
    Battling BazaCall BuzzKill

    Battling BazaCall BuzzKill

    It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow knows your name and is asking for your social security number, home address, and password from that first AOL account you made in 1998!  It’s easy to recognize classic scams like these, but some of the newer, creative scams can be more challenging to identify.  One of these is called BazaCall, and they don’t call you – oh, no.  BazaCall will have YOU calling THEM! 
    In this episode of Security Unlocked, host Natalia Godyla is re-joined by Microsoft Threat Analysts Emily Hacker and Justin Carroll to talk about a relatively new delivery method for malware and ransomware called BazaCall campaigns. They discuss the different delivery methods used, how attackers evade detection, and where the attack chain begins.     
     
    In This Episode You Will Learn:   

    What makes BazaCall campaigns unique from other email/phone scams 

    How the delivery system works 

    About a new technique called “double extorsion”  


    Some Questions We Ask:   

    What is the flow of the attack chain? 

    What are some new tactics used by BazaCall centers? 

    How can organizations mitigate attacks? 


    Resources:  
    BazaCall: Phony call centers lead to exfiltration and ransomware 
    View Emily on LinkedIn 
    View Justin on LinkedIn 
    View Natalia on LinkedIn 

    Related:  
    Listen to: Security Unlocked: CISO Series with Bret Arsenault

    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

    • 35 min
    Turning to the Purple SIde

    Turning to the Purple SIde

    Picture this: you’re working on a new software that will revolutionize your industry. You’ve got your work cut out for you, from design to programming to integration. But what about security? Keeping your software secure should be in the conversation from day one, but not all developers are well-versed in application security. The good news is that you’re not alone, and even if this picture that we’ve painted isn’t of you, there are still very accessible ways to learn about application security and information security. One of these ways is We Hack Purple, created by a Microsoft alumnus.  
    In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by the founder of We Hack Purple and former Microsoft Senior Cloud Advocate, Tanya Janca, to discuss her company, trainings, and why it’s so important to keep up with the newest movements in the world of security. Before founding her company, Tanya found herself red-teaming and blue-teaming, and declared herself in the world of Purple. She brings us into that world, breaks down app-sec framework, and even gives a few sci-fi book recommendations.  

    In This Episode You Will Learn:   

    How to keep up with new practices for security professionals 

    The frame work for application security 

    How to work with and communicate effectively with software developers 


    Some Questions We Ask:   

    How do we bridge the gap between developers and the security world? 

    What are the pros and cons of threat modeling? 

    Who should get involved in application security?  


    Resources:  
    We Hack Purple 
    View Tanya on LinkedIn 
    View Nic on LinkedIn 
    View Natalia on LinkedIn 
     
    Related:  
    Listen to: Security Unlocked: CISO Series with Bret Arsenault

    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

    • 25 min
    Protecting the Power Grid

    Protecting the Power Grid

    Electricity is all around us. In fact, you’re using it to read this right now. It powers (no pun intended) our everyday lives, and it works without us having to think about it. It’s kind of like breathing. I mean, you don’t have to tell your lungs “Hey! Start breathing right now!” But just like with breathing, the problems that can follow an interruption of electricity can be deadly. It shouldn’t be shocking (pun intended) that keeping power grids secure is an international priority.
    In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Microsoft’s Chief Security Advisor, Hafid Elabdellaoui, to talk about making our power grids safe and stable. So much relies on the stability of our power grids, it’s easy to forget how dependent we are. Hafid discusses the growing concerns with supply chain attacks and explains the importance of cyber hygiene at all levels of an organization.

    In This Episode You Will Learn: 

    The challenges of bringing new security practices to the old field of utilities

    Where cybersecurity meets physical security when utilities companies are under threats

    Why keeping a software inventory is crucial to your security


    Some Questions We Ask: 

    How do current power grid risks and threats compare to concerns 20 years ago?

    How do utilities companies work with the government to prevent large-scale power grid failures?

    How does Microsoft prepare for potential threats, and practice their responses?

     
    Resources:
    Defending the power grid against supply chain attacks—Part 1: The risk defined
    Defending the power grid against supply chain attacks—Part 2: Securing hardware and software
    Defending the power grid against supply chain attacks—Part 3: Risk management strategies for the utilities industry
    View Hafid Elabdellaoui on LinkedIn
    View Nic on LinkedIn
    View Natalia on LinkedIn

    Related:  
    Listen to: Security Unlocked: CISO Series with Bret Arsenault

    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

    • 36 min
    Making the Leap to the Cloud

    Making the Leap to the Cloud

    8 trillion. It’s kind of a big number, right? That’s how many signals are collected, processed, and analyzed by Microsoft’s security team every single day. Those signals are travelling from the cloud, coming through endpoints, coming through Bing, coming through Xbox. All of these signals are turned into intelligence, and if you’re a cloud user, that intelligence is an asset to your security. By making the leap to the cloud, the power, size, and flexibility of Microsoft’s threat intelligence becomes your resource.   
    In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are re-joined by Microsoft’s Chief Security Advisor, Sarah Armstrong-Smith, to dive deeper into the back half of her four-part series on Becoming Resilient. We explore different cloud models, the shared responsibility of your cloud service provider, and the growing risks of insider threats.  

    In This Episode You Will Learn:  

    Best practices on switching to the cloud and ensuring utmost security 

    Why you need to adapt to stay ahead of threats 

    How to build security cleanly into your foundation and keep from it being a messy afterthought 


    Some Questions We Ask:  

    What do new users gain by moving to the cloud?  

    What errors are organizations making when moving to the cloud? 

    How do we effectively communicate with our security team about business decisions? 


     Resources: 
    Becoming resilient by understanding cybersecurity risks: Part 1
    Becoming resilient by understanding cybersecurity risks: Part 2
    Becoming resilient by understanding cybersecurity risks: Part 3—a security pro’s perspective
    Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats
    Cloud Adoption Framework 
    View Sarah Armstrong-Smith on LinkedIn
    View Nic on LinkedIn
    View Natalia on LinkedIn 

    Related:  
    Listen to: Security Unlocked: CISO Series with Bret Arsenault

    Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

    • 37 min

Customer Reviews

5.0 out of 5
24 Ratings

24 Ratings

.-ryan-. ,

Great insights

Each episode is a great blend of depth for the security savvy, and breakdowns of technical concepts that make them accessible to anyone who is just curious about security.

//Rani ,

Catching villains

Enjoyed the podcast and mix of technical details and ‘day in the life’ info

Top Podcasts In Technology

Listeners Also Subscribed To